Bishop Fox Happenings: September 2019
by Bishop Fox, on Sep 29, 2019 10:09:00 AM
Following the highs of Black Hat and DEFCON, September may feel a little slower, but our research team remains dedicated to working on some of the most exciting research projects in the industry - and we have much more planned to release before the year is through.
Here is the high-level overview of what Bishop Fox has been up to since we last talked.
Blog Posts We Dropped
Dark Reading - 6 Best Practices for Performing Physical Penetration Tests - Bishop Fox Associate VP of Consulting Daniel Wood recently wrote an article for Dark Reading about how pen testers can cover themselves legally when performing physical penetration testing. This was in response to the recent news of two pen testers being arrested in Iowa after attempting to break into a courthouse at the behest of their client.
Introducing Cyber.dic - Cyber.dic is a tool for security professionals who find that everyday technical terms are underlined in red in their emails, reports, and presentations. From antivirus software to ZIP files, the 1,700+ word list expands the vocabulary of Windows, Apple, and Linux spellcheck dictionaries with a wide range of infosec terms to get rid of those squiggly red lines.
Breaching the Trusted Perimeter: Automating Exploitation - In this blog post, Jon Williams compiled a detailed walkthrough of exploiting the Pulse SSL VPN arbitrary file read vulnerability that was released at Black Hat USA this past summer (CVE-2019-11510). He also created a corresponding Bash script to exploit the vulnerability.
Advisories We Released
OpenEMR 5.0.1(6) - RCE and XSS - Chris Davis successfully identified two vulnerabilities (one high and one medium) in this open source medical records management tool. This advisory encompasses the solution for anyone who may use this software in additional to how he discovered both the vulnerabilities.
OpenEMR 5.0.1(6) - Technical Advisory Release - Chris Davis identified a high-risk vulnerability in a popular open source medical records management tool, OpenEMR. The advisory contains all the technical nitty-gritty, but in case that’s not your cup of tea, this accompanying blog post gets to the heart of the matter.
New Members of the Team!
Joe Sechman Joins Bishop Fox as Associate VP of Product Research and Development - This month saw a record number of new executive hire announcements. Joe Sechman’s role is a very exciting one as we ramp up our managed security services program.
Mark Pavlick Joins Bishop Fox as Head of Sales - Another major hire for us, Mark Pavlick will help us in integrating our managed security services with our standard offerings when it comes to clients.
Jackie Todd Joins Bishop Fox as Associate VP of Resource Management - Jackie Todd’s role will prove pivotal as we continue to ensure we are offering the best service to clients. (This announcement was also covered by the Business Insider.)
Jamie Fiedrich Joins Bishop Fox as VP of IT Operations - The hiring of Jamie Fiedrich will allow us to operate from an even more well-defined business strategy moving forward.
Ed Leichtnam Joins Bishop Fox as Associated VP of Project Management - Ed Leichtnam will plan and implement the vision for the firm's project management office (PMO) during an exciting time of explosive company growth.
Elsewhere on the Internet...
GrowthList - 20 Cyber Security Startups You Should Get To Know - We were proud to be included in this list of growing cybersecurity startups.
MSSP Alert - Bishop Fox Discovers Medical Equipment Vulnerability - The OpenEMR vulnerabilities discovered by Bishop Fox security researcher were featured in this article.
And now this month has come to its end. Check back in October for another recap of the latest in Bishop Fox happenings.